Attacks on Fiber Networks Baffle FBI

The attacker struck close to midnight, climbing into a manhole at the mouth of California’s Niles Canyon and slicing a series of cables that collectively carried billions of bits of Internet data.

Hundreds of miles away at a Zayo Group Holdings Inc. network operations center in Tulsa, Okla., engineers saw the disruption immediately and later a second break made further up the road the same February night.

As monitoring software lighted up with red bars indicating several circuit failures, technicians pinpointed the breaches at a familiar place—the site of two previous cuts. Several months later, in June, Fremont, Calif., police reported a fifth cut.

The Federal Bureau of Investigation says San Francisco’s Bay Area has suffered more than a dozen attacks on its fiber optic infrastructure over the past year. The attacks slow Internet service and disrupt financial transactions and emergency phone calls.

The way the cuts are clustered on single nights around the East Bay and in San Jose, Calif., at the heart of Silicon Valley, have led officials to believe the attacks are intentional. Beyond that, they have yet to nail down a motive, let alone a culprit, creating an unusual cyber whodunit with few leads and little understanding.

“Everyone recognizes that there seems to be a pattern of events here,” said John Lightfoot, assistant deputy agent in charge at the FBI’s San Francisco office. “We really need the assistance of the public to reach out and help solve this one.”

The attacks show how easy it is for troublemakers to cause disruption for businesses that rely on the Web, though the impact is also mitigated by the Internet’s flexibility, which allows telecom companies to quickly route around the cuts while their repair crews patch up the damage.

Experts say the networks that process everything from purchases to 911 calls are much more vulnerable than other critical infrastructure like power plants. First, the cables are clearly marked to prevent accidental damage. And they are also ubiquitous, tucked into manholes or smaller hand-holes that are underneath city streets or next to out-of-the-way train tracks, making them difficult to defend.

“You don’t have to be well-trained to know that there is cable,” said Felipe Alvarez, chief executive of East Coast telecom provider Axiom Fiber Networks. “That is worrisome.”

The Federal Communications Commission requires telecom companies to report failures that have major impacts on users or that disrupt 911 services or key government facilities. Each year carriers report thousands of such outages, most of which are caused by accidents. Intentional cuts are still a small part of the thousands of cuts reported across the U.S. each year.

In the three years to 2013, slightly more than 100 incidents of malicious activity have interrupted service each year, according to the FCC data.

In the first nine months of last year, there were only 39 reported incidents of vandalism nationwide. An additional three were chalked up to thieves trying to steal metal cables, while 16 cited gunfire—often the result of drunk shooters using wires for target practice, industry experts say.

Engineers at the largest companies say local cable and telephone networks suffer breaks from car crashes, construction and animals nearly every day.

Level 3 Communications Inc., a network provider, deals with about 300 major cuts on its network a year, according to Brian Harvey, the carrier’s regional president of North American operations. Most are caused by mistakes by construction crews or by animals chewing through the cables.

Level 3 says only about 5% of those failures are intentional. Even then, culprits are usually found to be searching in vain for copper to sell on the black market. Otherwise “it’s people who are mad,” Mr. Harvey said. “They’ve got some sort of grievance against Level 3 or telecom in general.”

The pattern of cuts in Northern California caught the attention of the area’s joint terrorism task force, which includes representatives from the FBI, the Department of Homeland Security and local police. Carriers’ security experts have also met with police on the issue.

Most of the cable cuts reported in the Bay Area happened under the cover of darkness around midnight, according to an FBI news release seeking information. No one has come forward as a witness to any of the late-night infractions.

Network experts say the perpetrator might only need a hacksaw and manhole lifter to get the job done and some basic knowledge of where cables would be. Authorities are unsure how many people might be involved.

A rash of attacks last summer hit cables in Berkeley, San Jose and Walnut Creek within a few hours. A single saboteur could theoretically drive to each spot in a single night, but there would be little time to spare.

The FBI’s Mr. Lightfoot is fairly certain about one thing: These attacks aren’t related to a 2013 attack on a PG&E power station in the area. In that incident, the attacker went into an underground vault to slice telephone cables before snipers open fired on the substation.

AT&T Inc. offered a $250,000 reward for information leading to an arrest in that case. The company is also offering a $10,000 bounty for information about the latest spate of cuts.

The latest attack on Internet cables in the area occurred at the end of June. Near a highway bridge in Livermore, Calif., an attacker opened a manhole housing several separate telecom providers’ cables and cut three bundles of lines at around 4 a.m.

The effects were swift. Phone and TV signals were knocked out around the Sacramento area potentially affecting emergency calls. Hurricane Electric, an Internet service provider, reported that business customers faced slow service as far north as Seattle.

FBI investigators arrived on the scene later to collect evidence while teams of workers hired by each company waited to get service restored. Once the agents were done scouring the scene, each crew climbed down into the manhole and pulled several hundred feet of slack cable that telecom providers keep coiled in case a line is cut.

The crews then started repairing the damage by splicing each strand of glass fiber bundled into the cables, a process that took up most of the rest of the day when the service was finally restored to normal.

The original story attacks on Fiber Networks Baffle FBI can be read here.